Research and Statistics

As banks talk with Facebook, time to review your privacy rights


With Facebook seeking customer data from banks, federal privacy protections let you opt out of some data sharing by financial institutions.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

With Facebook asking banks to share customer information, now is a good time to review your privacy rights when it comes to financial data.

Banks and card issuers can share your sensitive information – including identity, Social Security number and payment history. When the sharing is for business purposes, such as updating your credit report or completing transactions, you don’t have a choice.

But under the Gramm-Leach-Bliley Act, you can opt out of having your information shared for certain marketing purposes outside the company and its affiliates.

Facebook looks to partner with banks

On Aug. 6, the Wall Street Journal reported that Facebook has been talking with banks about sharing customer information back and forth. The moves come as Facebook seeks to deepen engagement with its user base.

The company issued a statement saying the story was overblown. Facebook is seeking to partner with banks to allow Messenger chat service to be a platform for bank customers to communicate with customer service.

“The idea is that messaging with a bank can be better than waiting on hold over the phone,” Facebook spokeswoman Elisabeth Diana said in a statement, “and it’s completely opt-in.” She denied that Facebook is actively seeking transaction data.

But Facebook does already partner with PayPal to carry out transactions via the platform. And industry analysts expect more collaboration between financial services and social networks.

What you should know about privacy rights

  • Privacy opt-out can limit bank sharing your data with Facebook.
  • Under Gramm-Leach-Bliley, you can opt out of some data sharing by financial institutions.
  • Social networks promise convenience, but bank apps and online platforms offer greater security.

“If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing,” said Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, a nonprofit privacy advocate based in San Diego.

However, service providers and joint marketing partners are not covered by opt-out rights, if they are involved in certain business purposes.

The structure of whatever partnership emerges between banks and Facebook will determine the limits of GLBA opt-out rights.

Potentially, Facebook might have to issue its own opt-out notices, if its role meets the definition of a financial service under the law, Stephens said.

See related: guide to privacy notices, with links to major credit cards’ online disclosures

Fewer privacy notices, but more noticeable

Knowing what you can keep private and what you can’t is complicated. Fortunately, notices of your privacy rights are becoming more helpful.

Under a federal regulation issued last week that finalizes a 2015 law, financial institutions can skip sending you a notice of your privacy rights – in certain circumstances. The law took effect in December 2015.

The exception means you should only receive an annual notice if the institution shares your information in ways that you can prevent.

You should get the privacy notice:

  • When you sign up for a new bank account or credit card.
  • Annually, if the company shares information in ways you can prevent.
  • If the company’s practices change from its previous notice to you.

The change is designed to “put an end to redundant mailings and it would also make it more likely for people to pay closer attention to mailings they receive from their financial institutions because they would be receiving fewer,” said Rep. Blaine Luetkemeyer, R-Mo., sponsor of the legislation.

While notices must be delivered annually, consumers can exercise their opt-out rights at any time.

Whether it’s delivered by regular mail or a link to an online page, the boilerplate notice is easy to ignore. But with privacy concerns heating up, it may be wise to pay more attention.

“If they are a non-affiliate, the financial institution could not share information with Facebook if you had opted out from information sharing.”

How opt-out rights can protect you

Opting out of third-party information sharing under GLBA should prevent tie-ins of the sort that the WSJ article outlined.

“I would strongly advise anyone from sharing financial information with Facebook,” Stephens said. “They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers.”

Of course, if you opt in for a financial service such as getting account alerts via Messenger, the sign-up process will mean giving the necessary permissions for the service to operate, overriding any blanket opt-out choice.

“I would strongly advise anyone from sharing financial information with Facebook. They already have so much information about us – it could be a marketing gold mine for them, but not in the best interest of consumers.”

Even such routine communications could be mined to reveal details about your financial picture that you might not want to share beyond your bank, Stephens said.

“If I’m engaging in any sort of conversation with my financial institution, I don’t want Facebook to be privy to the content of that conversation,” he said. With most banks having their own mobile apps and chat options, there’s no need to go through intermediaries, decreasing privacy and security, he said.

See related: Tech lobbying efforts likely to shape federal data privacy legislation outcomes

Other opt-out rights unaffected by new regulation

You can also opt out of receiving pre-screened offers of credit under the Fair Credit Reporting Act. Many banks include notice of those opt-out rights in a single privacy notice that includes the Gramm-Leach-Bliley notice.

“Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act,” said a blog post by Ballard Spahr attorney Barbara Mishkin.

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Research and Statistics

Discover reclaims top rank in J.D. Power Satisfaction Study

Rewards programs are a top factor on people’s satisfaction with credit cards, JD Power’s annual survey found. In 2018, Discover reclaimed the top position, with American Express in close second.

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more